Topic: Network configuration questions

Ok, I realize this may have been asked already ad nauseam, but searching the forum I still don't seem to find the answer to this question:

First, this is my current setup. My CORE has 2 network interfaces, ETH0: 192.168.1.100, and ETH1: 192.168.80.1. ETH0 goes to my Belkin Wifi Router (192.168.1.1). ETH1 goes to a 10/100mbit switch. My M/D's all connect to this switch. My regular w/s's all use wifi to connect to the Belkin router, and DHCP is turned off here. DHCP is on of course on the CORE.

My concern is this: If I let my regular workstations get their DHCP address from the CORE (i.e. if they all get 192.168.80.x addresses) how will they get routed to the internet if the CORE happens to be not up? Because in reality the CORE is going to be down at times. Will they be unable to since the CORE isn't able to route the data? Since my wife gets pretty frustrated with me if the "internet" is down, I don't want to implement this networking topology.

What I've done instead is assign static IP addresses to my "regular computers" (which use wifi, i.e. 192.168.1.x ip addresses) which don't depend on the CORE being up to get to the internet. This seems to work fine except that if I want to see the CORE's external IP address I have to disable the CORE firewall altogether. This doesn't really bother me since it is inside the hardware firewall anyway. This allows me to install Windows Orbiters and other good stuff.

Is this the "correct" and accepted way of setting up this network scheme? Are there any firewall rules I can implement on the CORE instead of turning off the firewall? If I turn on DHCP on the Belkin broadband router will this cause problems on the internal network?

that setup sounds fine to me. having dhcp on the 1.X network won't affect the 80.X network. all you would have to do for the firewall is let port 80 through. the web orbiter is different though. you'd have to enable whatever port an orbiter uses to go through the firewall also. i don't remember which port it is off the top of my head but i have seen it somewhere. i think it was 13something but...not too sure.

You're basically correct... If the core is down, you won't be able to access the internet without setting static addresses on your workstations and pointing them to your router... I had the same concern, but now, I just leave my core up all the time... now that it is stable it doesn't bother me leaving it up.. on the off chance my core has to be down for some reason, I just temporarily set a static address on any computer that needs to get out to the internet... your question about the firewall is I assume that you want to be able to talk to the core from a workstation that has a 192.168.1.x address.. the best answer is just to leave your core on all the time and don't have any static addresses on the external side other than of course your router.. other than that, you could temporarily turn off your core's firewall or put in some port forwarding in the core's firewall setup.

> that setup sounds fine to me. having dhcp on the 1.X network won't affect the 80.X network. all you would have to do for the firewall is let port 80 through. the web orbiter is different though. you'd have to enable whatever port an orbiter uses to go through the firewall also. i don't remember which port it is off the top of my head but i have seen it somewhere. i think it was 13something but...not too sure.

not true.. if you have md's plugged into the same switch, 2 dhcp servers are going to be a problem

I appreciate the quick replies. I think I gather my setup is ok. Then really all I really need to do is figure out how to configure the CORE firewall. When I have the Firewall on and I try to ping from a 192.168.1.x w/s to the 192.168.1.100 CORE external interface, I don't get thru. When I turn the firewall off the ping requests work. So then this is a port issue? If so then which port does it use? I think also I will leave the broadband router DHCP off, less chance of confusion, and turn it on briefly if I have to configure a new piece of network equipment, like my network storage device.

> > that setup sounds fine to me. having dhcp on the 1.X network won't affect the 80.X network. all you would have to do for the firewall is let port 80 through. the web orbiter is different though. you'd have to enable whatever port an orbiter uses to go through the firewall also. i don't remember which port it is off the top of my head but i have seen it somewhere. i think it was 13something but...not too sure.
>
> not true.. if you have md's plugged into the same switch, 2 dhcp servers are going to be a problem

they aren't on the same switch. linuxmce will provide dhcp over one nic which is on a switch. the belkin router is not on that switch at all.

ICMP (ping) doesn't use ports. you just need to enable icmp through the firewall. or for the firewall to respond to icmp if you are only pinging it.

DAMNIT!!.. that's twice today I've replied without reading an entire post and been wrong because of it.... teedge77.. you're right, I'm wrong.... didn't read that his internal side was on a separate switch...

Ok I think I have a handle on the firewall but DHCP is still confusing me.

Consider this:

If the CORE is the only DHCP server and then if I tell my WIFI workstation which connects to the Belkin router to request a DHCP address, the CORE will respond with an IP address on the 192.168.80.x subnet. Right? So then doesn't that mean the CORE DHCP service is advertising on both lan segments? And if so, wouldn't that cause problems if two DHCP servers were running?

> If the CORE is the only DHCP server and then if I tell my WIFI workstation which connects to the Belkin router to request a DHCP address, the CORE will respond with an IP address on the 192.168.80.x subnet. Right?

no, not right at all. the core will only give dhcp on the 80.X network over the eth1 card. it only monitors that card for dhcp requests. anything requested on eth0 will just be ignored. (unless you changed something)

Well that was happening before I think...well it's all fuzzy now. I think that was when I was using 1 network card.

Yes, I have one nic so it's plugged into my router... dhcp on my router is off with a dhcp forward to 192.168.1.2 (external side of core) so everything plugged into my router gets dhcp forwarded to the core and receives a 192.168.80.x address on the internal side.

finsdown - the core's DHCP server can be configured to do both networks but by default it won't, as the guys say. One of the main reasons for this is because it doesn't have a "scope" configured for the external network. DHCP servers will only hand out IP leases for subnets that they have a scope for. It only has a scope for 192.168.80.0/24, and it knows that any requests that come in through the external NIC are not on that subnet, and that it doesn't have a scope configured for that subnet, so it will ignore the request assuming there is another DHCP server responsible for that subnet. If it is configured to listen on both interfaces AND has a scope configured for the external subnet, then it would attempt to respond. And get in trouble if your broadband router is doing DHCP as well. So you are all OK by the looks...
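
The scope behaviour described in the replies above, modelled as an added example (not part of the thread and not LinuxMCE code): a server offers a lease on a segment only if it listens there and has a scope for that interface's subnet, and a segment with two responders is the conflict case. The segment labels, the /24 mask on the 192.168.1.x side and all helper names are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class DhcpServer:
    name: str
    listen: dict                      # ifname -> (segment label, "addr/prefix")
    scopes: list = field(default_factory=list)  # subnets it holds a lease range for

    def answers(self, segment):
        """True if a DHCP broadcast on `segment` would get an offer from this server."""
        for seg, addr in self.listen.values():
            net = ipaddress.ip_interface(addr).network
            if seg == segment and any(ipaddress.ip_network(s) == net for s in self.scopes):
                return True
        return False

def responders(servers, segment):
    return [s.name for s in servers if s.answers(segment)]

def conflicts(servers, segments):
    """Segments where more than one server would hand out leases."""
    found = {}
    for seg in segments:
        names = responders(servers, seg)
        if len(names) > 1:
            found[seg] = names
    return found

# Constructed topology from the thread; segment labels are hypothetical.
SEGMENTS = ["wifi-lan", "md-switch"]

def core(listen_external=False, external_scope=False):
    listen = {"eth1": ("md-switch", "192.168.80.1/24")}
    if listen_external:
        listen["eth0"] = ("wifi-lan", "192.168.1.100/24")  # /24 is assumed
    scopes = ["192.168.80.0/24"] + (["192.168.1.0/24"] if external_scope else [])
    return DhcpServer("CORE", listen, scopes)

def belkin(dhcp_on):
    scopes = ["192.168.1.0/24"] if dhcp_on else []
    return DhcpServer("Belkin", {"lan": ("wifi-lan", "192.168.1.1/24")}, scopes)

if __name__ == "__main__":
    print(conflicts([core(), belkin(True)], SEGMENTS))            # default CORE
    print(conflicts([core(True, True), belkin(True)], SEGMENTS))  # CORE also serving eth0
```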